Editing: search_letexcel.asp
Full path: C:\ict\ICT\search_letexcel.asp
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
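<%response.cachecontrol="private"%>
<!--#INCLUDE FILE="ConnectDB.asp"-->
<!--#include file="chk_login.asp"-->
<%
' search_letexcel.asp
' Exports the result of the incoming-letter search (table letterin) as an HTML table
' that is served with an Excel content type, so the browser saves it as a spreadsheet.
'
' Changes against the previous version of this page:
'   * Every query that used to be built by concatenating request.form / session / row
'     values into the SQL text now goes through LxOpenQuery, which binds the values as
'     ADO parameters. The only identifier still concatenated is typec, and it is chosen
'     from a fixed list below, never taken from the request.
'   * The keyword branches wrapped their "a like .. or b like .." terms in parentheses.
'     Without them AND bound tighter than OR, so the type and date filters applied only
'     to the last LIKE term.
'   * Values written into the table (row fields and the echoed date range) are
'     HTML-encoded.
'   * request.form("sql1") is no longer read. The value was always overwritten before
'     use, but a page should never accept SQL text from the client.
'   * Unused locals (typet, c, statusread, the CInt-formatted dbreceive) were dropped and
'     the per-row recordsets are closed.
'
' NOTE(review): the Thai string literals below appear mis-decoded (windows-874 read with
' the wrong charset) in this copy of the file. They are reproduced unchanged; restore
' them from a clean copy of the source before deploying.
' NOTE(review): cell text is HTML-encoded but not neutralised for spreadsheet formulas.
' Stored values that start with =, +, - or @ may be evaluated by Excel when the export
' is opened; decide whether such cells should be forced to text.

Response.Buffer = TRUE
Response.ContentType = "application/vnd.ms-excel"
Response.AddHeader "content-disposition","attachment; filename=thefile.xls;"

' Returns v as HTML-safe text. Null and Empty become "".
Function LxEncode(v)
    LxEncode = Server.HTMLEncode(v & "")
End Function

' Left-pads a day or month number 1..9 to two digits ("3" -> "03").
' Any other value, including non-numeric input, is returned unchanged.
Function LxPad2(v)
    LxPad2 = v
    If IsNumeric(v) Then
        If CDbl(v) >= 1 And CDbl(v) <= 9 And CDbl(v) = Fix(CDbl(v)) Then
            LxPad2 = "0" & CStr(CLng(v))
        End If
    End If
End Function

' Runs sqlText on conn with the values in args bound, in order, to its ? placeholders
' and returns the opened recordset (cursor 1 / lock 3, as the page used before).
' NOTE(review): confirm that the provider behind conn (defined in ConnectDB.asp, not
' visible here) accepts positional ? parameters and wide-character string parameters.
Function LxOpenQuery(sqlText, args)
    Dim cmd, rs, k, s, n
    Set cmd = Server.CreateObject("ADODB.Command")
    If IsObject(conn) Then
        Set cmd.ActiveConnection = conn
    Else
        cmd.ActiveConnection = conn
    End If
    cmd.CommandType = 1                 ' adCmdText
    cmd.CommandText = sqlText
    For k = 0 To UBound(args)
        s = args(k) & ""
        n = Len(s)
        If n = 0 Then n = 1             ' a string parameter needs a size above zero
        ' 202 = adVarWChar, 1 = adParamInput
        cmd.Parameters.Append cmd.CreateParameter("p" & k, 202, 1, n, s)
    Next
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open cmd, , 1, 3
    Set LxOpenQuery = rs
End Function

pern=session("username")
per="2"
tb="letterin"
' NOTE(review): this permission lookup is executed but its result is never checked (the
' "if not orsnc.eof" guard was already commented out), so access to the export depends
' entirely on chk_login.asp. Confirm whether an edit-permission check is required here.
set orsnc=LxOpenQuery("select * from tb_permission where id_staff=? and tb_edit=? and tb_name=?", Array(pern, per, tb))
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="1" cellspacing="0">
<tr>
<td height="21" colspan="9"><div align="center">�š�ä��Ң�����˹ѧ������</div></td>
</tr>
<%
' ---- search criteria posted by the search form (all untrusted) ----
type1=request.form("type1")
type2=request.form("type2")
type3=request.form("id_itletter")
keyword=request.form("keyword")
dreceive=request.form("dreceive")
fm=request.form("fm")
fy=request.form("fy")
dend=request.form("dend")
em=request.form("em")
ey=request.form("ey")

if fy="" then
    fy=0
end if

' Day and month parts are zero-padded so the concatenated strings compare correctly.
fm=LxPad2(fm)
em=LxPad2(em)
dreceive=LxPad2(dreceive)
dend=LxPad2(dend)

dbegin=fy&""&fm&""&dreceive
ddend=ey&""&em&""&dend

' Column searched when a specific field is selected. This is the only part of the SQL
' text that varies, and it can only take one of these fixed values.
if type1=1 then
    typec="id_letter"
elseif type1=2 then
    typec="titleletter"
elseif type1=3 then
    typec="originletter"
elseif type1=4 then
    typec="id_sent"
else
    typec="0"
end if

kw="%"&keyword&"%"
anyfield="(titleletter like ? or originletter like ? or id_letter like ? or wordding like ?)"
daterange="dbreceive between ? and ?"

if type1=0 and type2<>99 then
    if keyword="" then
        ' letter type selected, no keyword
        sql1="select * from letterin where id_typeletin=? and "&daterange&" order by id_letter,yreceive desc"
        args1=Array(type2, dbegin, ddend)
    else
        ' letter type selected, keyword matched against every searchable column
        sql1="select * from letterin where "&anyfield&" and id_typeletin=? and "&daterange&" order by id_letter desc"
        args1=Array(kw, kw, kw, kw, type2, dbegin, ddend)
    end if
elseif type1<>0 and type2=99 and keyword<>"" then
    ' one column selected, any letter type
    sql1="select * from letterin where "&typec&" like ? and "&daterange&" order by id_letter desc"
    args1=Array(kw, dbegin, ddend)
elseif type1=0 and type2=99 and keyword<>"" then
    ' keyword matched against every searchable column, any letter type
    sql1="select * from letterin where "&anyfield&" and "&daterange&" order by id_letter desc"
    args1=Array(kw, kw, kw, kw, dbegin, ddend)
elseif type1<>0 and type2<>99 and keyword<>"" then
    ' one column selected and letter type selected
    sql1="select * from letterin where "&typec&" like ? and id_typeletin=? and "&daterange&" order by id_letter desc"
    args1=Array(kw, type2, dbegin, ddend)
else
    ' date range only
    sql1="select * from letterin where "&daterange&" order by id_letter desc"
    args1=Array(dbegin, ddend)
end if

set ors1=LxOpenQuery(sql1, args1)

' The two lookups below are kept from the previous version. Their results are not
' displayed at present (the lines that printed them were commented out).
set orst=LxOpenQuery("select * from itletter where id_itletter=?", Array(type3))
orst.Close
set orst=LxOpenQuery("select * from type_letterin where id_typeletin=?", Array(type2))
orst.Close
set orst=Nothing

response.write "</td></tr>"
response.write "<tr><td height=21 colspan=9>"
' The date parts come from the request, so they are encoded before being echoed.
response.write "�ҡ�ѹ��� "&LxEncode(dreceive)&"-"&LxEncode(fm)&"-"&LxEncode(fy)
response.write " �֧�ѹ��� "&LxEncode(dend)&"-"&LxEncode(em)&"-"&LxEncode(ey)
response.write "</td></tr>"
%>
<tr>
<td bgcolor="#c0c0c0"><div align="center" >�Ţ����Ѻ</div></td>
<td bgcolor="#c0c0c0"><div align="center" >�ѹ����Ѻ˹ѧ��� </div></td>
<td bgcolor="#c0c0c0"><div align="center" >�Ţ���˹ѧ���</div></td>
<td bgcolor="#c0c0c0"><div align="center" >�ѹ �� �� </div></td>
<td bgcolor="#c0c0c0"><div align="center" >�ҡ</div></td>
<td bgcolor="#c0c0c0"><div align="center" >�֧</div></td>
<td bgcolor="#c0c0c0"><div align="center" >����ͧ</div></td>
<td bgcolor="#c0c0c0"><div align="center" >��û�Ժѵ�</div></td>
<td bgcolor="#c0c0c0"><div align="center" >�����˵�</div></td>
</tr>
<%
i=0
if not ors1.eof then
    ors1.movefirst
    do while not ors1.eof
        ' alternate the row background
        if i mod 2=0 then
            bgc="#e5e5e5"
        else
            bgc="#ffffff"
        end if
        i=i+1

        response.write "<tr bgcolor="&bgc&"><td align=left valign=top>"
        response.write LxEncode(ors1("id_letter"))&"</td>"
        response.write "<td align=left valign=top>"
        response.write LxEncode(ors1("dreceive"))&"/"&LxEncode(ors1("mreceive"))&"/"&LxEncode(ors1("yreceive"))&"</td>"
        response.write "<td align=left valign=top>"
        response.write LxEncode(ors1("id_sent"))&"</td>"
        response.write "<td align=left valign=top >"
        response.write LxEncode(ors1("dletter"))&"/"&LxEncode(ors1("mletter"))&"/"&LxEncode(ors1("yletter"))&"</td>"
        response.write "<td align=left valign=top>"
        response.write LxEncode(ors1("originletter"))&"</td>"
        response.write "<td align=left valign=top>"
        response.write LxEncode(ors1("toname"))&"</td>"
        response.write "<td align=left valign=top>"
        response.write LxEncode(ors1("titleletter"))&"</td>"

        idl=ors1("id_letter")
        response.write "<td align=left valign=top>"
        if ors1("id_typeletin")="1" then
            ' letter type 1: a fixed label is shown instead of a recipient list
            response.write "�ؤ�ҡ÷ء����Һ"
        else
            ' List the recipients. Each id_staff is looked up in lecturer first and in
            ' staff when no lecturer row exists. The ids come from the database, and
            ' they are bound as parameters as well because stored values are not
            ' trusted either.
            set ors2=LxOpenQuery("Select * From staffletter where id_letter=? Order By id_staff Desc", Array(idl))
            if not ors2.eof then
                ors2.movefirst
                do while not ors2.eof
                    set orss=LxOpenQuery("select * from lecturer where id_lecturer=?", Array(ors2("id_staff").Value))
                    if not orss.eof then
                        response.write LxEncode(orss("name_lec"))&" "&LxEncode(orss("sur_lec"))&"<br>"
                    else
                        set orsst=LxOpenQuery("select * from staff where id_staff=?", Array(ors2("id_staff").Value))
                        if not orsst.eof then
                            response.write LxEncode(orsst("name_st"))&" "&LxEncode(orsst("sur_st"))&"<br>"
                        end if
                        orsst.Close
                        set orsst=Nothing
                    end if
                    orss.Close
                    set orss=Nothing
                    ors2.MoveNext
                loop
            end if
            ors2.Close
            set ors2=Nothing
        end if
        response.write "</td>"
        response.write "</tr>"

        ' extra row with the reply deadline when dued1 is set
        If ors1("dued1")>0 Then
            Response.write "<tr>"
            Response.write "<td><td bgcolor=#ffffcc colspan=8 valign=top height=30>�ա�˹��觡�Ѻ(�-�-�) "
            Response.write LxEncode(ors1("duedate"))&"/"&LxEncode(ors1("duemonth"))&"/"&LxEncode(ors1("duey"))&" | "
            Response.write LxEncode(ors1("dued_detail"))
            Response.write "</td></tr>"
        End if

        ors1.movenext
    loop
else
    response.write "<tr><td colspan=9>"
    response.write "����բ������ �</td></tr>"
end if

ors1.Close
set ors1=Nothing
orsnc.Close
set orsnc=Nothing
%>
</table>
</body>
<!-- InstanceEnd --></html>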